Splunk Cloud as a SIEM for Cybersecurity Collaboration




Copyright 2015 Splunk Inc.
Timothy Lee, CISO, City of Los Angeles

Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

City of Los Angeles
- 4 million people, 465 sq mi, 15 Council Districts
- 2nd largest city in the US
- 1.8 million employed
- 42.2 million annual visitors
- 42 departments with 35,000 FTE
- Port of LA, Airport, Water and Power: 3 proprietary departments, all managing their own networks
- Information Technology Agency (ITA) manages the rest

Our Challenge
- IT Security Team is understaffed
- Dispersed log capturing capabilities
- Minimal use of collaboration tools
- Lack of an Incident Management platform
- No integrated threat intelligence program
- Limited situational awareness and operational metrics for the City as a whole
- Imbalance in response capability
- Growing cyber threats including DDoS and malware

Mayor's Executive Directive on Cybersecurity
- Facilitate the identification and investigation of cyber threats and intrusions against City assets
- Ensure incidents are quickly, properly, and thoroughly investigated by the appropriate law enforcement agency
- Facilitate dissemination of cybersecurity alerts and information
- Provide a uniform governance structure accountable to City leadership
- Coordinate incident response and remediation across the City
- Serve as an advisory body to City departments
- Sponsor independent security assessments to reduce security risks
- Ensure awareness of best practices

Our Solution
Integrated Security Operations Center leveraging Splunk Cloud and Splunk Enterprise Security

Integrated Security Operations Center
[Diagram: City of LA Integrated SOC at the center, producing Situational Awareness and Threat Intelligence through a Collect / Report / Collaborate / Promote cycle]
- Internal, Information Security: ITA, LAWA, DWP, POLA
- Internal, Physical Security: LAPD, LAXPD, LAPP, DWP
- External: FBI, Threat Info Services, DHS/USSS, MS-ISAC

Integrated Security Operations Center

How Did We Sell It Internally?
- Prepare to answer why you need a SIEM and why cloud-based:
  - Security Audit Report (Recommendation and Action Plan)
  - Compliance Gap Assessment Report
  - Security metrics (numbers of intrusion attempts, incidents, outages caused by incidents, top attackers, threat activity and trends, etc.)
  - Present it from the business risk perspective
- Engage others outside of IT to also help sell it
- Provide potential risks of not implementing a SIEM
- Share real-world examples of cyber incidents and costs that your audience can relate to
- Provide a source of funding for implementation and operations
- Align results to organizational goals

Example: Executive Dashboards

Use Case Example: Top Attackers

Use Case Example: Top Destination By Specific Attacker

Use Case Example: Malware Monitoring
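The three use-case slides above are dashboard screenshots; the searches behind them are not part of the presentation. The following SPL is an added example, written here rather than taken from the City of LA deployment, showing how each panel is typically built on Splunk Enterprise Security. It assumes firewall and endpoint data has been onboarded to the Common Information Model so that the accelerated Network_Traffic and Malware data models are populated, and the attacker address 203.0.113.45 is a placeholder (TEST-NET-3), not an address from the talk.

```spl
| tstats summariesonly=true count
    from datamodel=Network_Traffic
    where All_Traffic.action=blocked earliest=-24h
    by All_Traffic.src
| rename All_Traffic.src AS attacker
| sort - count
| head 10

| tstats summariesonly=true count
    from datamodel=Network_Traffic
    where All_Traffic.src="203.0.113.45" earliest=-24h
    by All_Traffic.dest, All_Traffic.dest_port, All_Traffic.action
| rename All_Traffic.* AS *
| sort - count
| head 10

| tstats summariesonly=true count
    values(Malware_Attacks.signature) AS signature
    from datamodel=Malware
    where Malware_Attacks.action=allowed earliest=-24h
    by Malware_Attacks.dest
| rename Malware_Attacks.dest AS host
| sort - count
```

The first search feeds a "Top Attackers" panel (sources with the most blocked connections in the last 24 hours); the second is the drill-down for one attacker, breaking its traffic out by destination, port and whether the firewall allowed or blocked it, which is what tells an analyst whether anything got through; the third lists hosts where the anti-malware product detected but did not block a signature, which is the set that needs incident handling rather than the much larger set of blocked detections. `summariesonly=true` reads only the accelerated summaries, so these searches stay fast enough for a dashboard even at city scale, but they return nothing for data that is not CIM-mapped; drop the flag while validating a new log source.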

Lessons Learned
- Conduct a SOC readiness assessment before anything else
- Prepare to answer why you need a CSOC
- Look for grant opportunities
- Pick the right tools and technology
- Be mindful of operating costs
- Pick the right contractor
- Pick the right team. Invest in people.
- Cybersecurity collaboration and information sharing are essential

Resources
- Security Operation Center Concepts & Implementation, Renaud Bidou
- How to Deploy SIEM Technology, Gartner, March 02, 2015
- Using SIEM for Targeted Attack Detection, Gartner, March 12, 2014
- Top 6 SIEM Use Cases, Infosecinstitute.com, May 15, 2014

Q&A

THANK YOU